1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * pkey device driver 4 * 5 * Copyright IBM Corp. 2017, 2023 6 * 7 * Author(s): Harald Freudenberger 8 */ 9 10 #define KMSG_COMPONENT "pkey" 11 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 12 13 #include <linux/fs.h> 14 #include <linux/init.h> 15 #include <linux/miscdevice.h> 16 #include <linux/module.h> 17 #include <linux/slab.h> 18 #include <linux/kallsyms.h> 19 #include <linux/debugfs.h> 20 #include <linux/random.h> 21 #include <linux/cpufeature.h> 22 #include <asm/zcrypt.h> 23 #include <asm/cpacf.h> 24 #include <asm/pkey.h> 25 #include <crypto/aes.h> 26 27 #include "zcrypt_api.h" 28 #include "zcrypt_ccamisc.h" 29 #include "zcrypt_ep11misc.h" 30 31 MODULE_LICENSE("GPL"); 32 MODULE_AUTHOR("IBM Corporation"); 33 MODULE_DESCRIPTION("s390 protected key interface"); 34 35 #define KEYBLOBBUFSIZE 8192 /* key buffer size used for internal processing */ 36 #define MINKEYBLOBBUFSIZE (sizeof(struct keytoken_header)) 37 #define PROTKEYBLOBBUFSIZE 256 /* protected key buffer size used internal */ 38 #define MAXAPQNSINLIST 64 /* max 64 apqns within a apqn list */ 39 #define AES_WK_VP_SIZE 32 /* Size of WK VP block appended to a prot key */ 40 41 /* 42 * debug feature data and functions 43 */ 44 45 static debug_info_t *pkey_dbf_info; 46 47 #define PKEY_DBF_INFO(...) debug_sprintf_event(pkey_dbf_info, 5, ##__VA_ARGS__) 48 #define PKEY_DBF_WARN(...) debug_sprintf_event(pkey_dbf_info, 4, ##__VA_ARGS__) 49 #define PKEY_DBF_ERR(...) debug_sprintf_event(pkey_dbf_info, 3, ##__VA_ARGS__) 50 51 static void __init pkey_debug_init(void) 52 { 53 /* 5 arguments per dbf entry (including the format string ptr) */ 54 pkey_dbf_info = debug_register("pkey", 1, 1, 5 * sizeof(long)); 55 debug_register_view(pkey_dbf_info, &debug_sprintf_view); 56 debug_set_level(pkey_dbf_info, 3); 57 } 58 59 static void __exit pkey_debug_exit(void) 60 { 61 debug_unregister(pkey_dbf_info); 62 } 63 64 /* inside view of a protected key token (only type 0x00 version 0x01) */ 65 struct protaeskeytoken { 66 u8 type; /* 0x00 for PAES specific key tokens */ 67 u8 res0[3]; 68 u8 version; /* should be 0x01 for protected AES key token */ 69 u8 res1[3]; 70 u32 keytype; /* key type, one of the PKEY_KEYTYPE values */ 71 u32 len; /* bytes actually stored in protkey[] */ 72 u8 protkey[MAXPROTKEYSIZE]; /* the protected key blob */ 73 } __packed; 74 75 /* inside view of a clear key token (type 0x00 version 0x02) */ 76 struct clearkeytoken { 77 u8 type; /* 0x00 for PAES specific key tokens */ 78 u8 res0[3]; 79 u8 version; /* 0x02 for clear key token */ 80 u8 res1[3]; 81 u32 keytype; /* key type, one of the PKEY_KEYTYPE_* values */ 82 u32 len; /* bytes actually stored in clearkey[] */ 83 u8 clearkey[]; /* clear key value */ 84 } __packed; 85 86 /* helper function which translates the PKEY_KEYTYPE_AES_* to their keysize */ 87 static inline u32 pkey_keytype_aes_to_size(u32 keytype) 88 { 89 switch (keytype) { 90 case PKEY_KEYTYPE_AES_128: 91 return 16; 92 case PKEY_KEYTYPE_AES_192: 93 return 24; 94 case PKEY_KEYTYPE_AES_256: 95 return 32; 96 default: 97 return 0; 98 } 99 } 100 101 /* 102 * Create a protected key from a clear key value via PCKMO instruction. 103 */ 104 static int pkey_clr2protkey(u32 keytype, const u8 *clrkey, 105 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 106 { 107 /* mask of available pckmo subfunctions */ 108 static cpacf_mask_t pckmo_functions; 109 110 u8 paramblock[112]; 111 u32 pkeytype; 112 int keysize; 113 long fc; 114 115 switch (keytype) { 116 case PKEY_KEYTYPE_AES_128: 117 /* 16 byte key, 32 byte aes wkvp, total 48 bytes */ 118 keysize = 16; 119 pkeytype = keytype; 120 fc = CPACF_PCKMO_ENC_AES_128_KEY; 121 break; 122 case PKEY_KEYTYPE_AES_192: 123 /* 24 byte key, 32 byte aes wkvp, total 56 bytes */ 124 keysize = 24; 125 pkeytype = keytype; 126 fc = CPACF_PCKMO_ENC_AES_192_KEY; 127 break; 128 case PKEY_KEYTYPE_AES_256: 129 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */ 130 keysize = 32; 131 pkeytype = keytype; 132 fc = CPACF_PCKMO_ENC_AES_256_KEY; 133 break; 134 case PKEY_KEYTYPE_ECC_P256: 135 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */ 136 keysize = 32; 137 pkeytype = PKEY_KEYTYPE_ECC; 138 fc = CPACF_PCKMO_ENC_ECC_P256_KEY; 139 break; 140 case PKEY_KEYTYPE_ECC_P384: 141 /* 48 byte key, 32 byte aes wkvp, total 80 bytes */ 142 keysize = 48; 143 pkeytype = PKEY_KEYTYPE_ECC; 144 fc = CPACF_PCKMO_ENC_ECC_P384_KEY; 145 break; 146 case PKEY_KEYTYPE_ECC_P521: 147 /* 80 byte key, 32 byte aes wkvp, total 112 bytes */ 148 keysize = 80; 149 pkeytype = PKEY_KEYTYPE_ECC; 150 fc = CPACF_PCKMO_ENC_ECC_P521_KEY; 151 break; 152 case PKEY_KEYTYPE_ECC_ED25519: 153 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */ 154 keysize = 32; 155 pkeytype = PKEY_KEYTYPE_ECC; 156 fc = CPACF_PCKMO_ENC_ECC_ED25519_KEY; 157 break; 158 case PKEY_KEYTYPE_ECC_ED448: 159 /* 64 byte key, 32 byte aes wkvp, total 96 bytes */ 160 keysize = 64; 161 pkeytype = PKEY_KEYTYPE_ECC; 162 fc = CPACF_PCKMO_ENC_ECC_ED448_KEY; 163 break; 164 default: 165 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", 166 __func__, keytype); 167 return -EINVAL; 168 } 169 170 if (*protkeylen < keysize + AES_WK_VP_SIZE) { 171 PKEY_DBF_ERR("%s prot key buffer size too small: %u < %d\n", 172 __func__, *protkeylen, keysize + AES_WK_VP_SIZE); 173 return -EINVAL; 174 } 175 176 /* Did we already check for PCKMO ? */ 177 if (!pckmo_functions.bytes[0]) { 178 /* no, so check now */ 179 if (!cpacf_query(CPACF_PCKMO, &pckmo_functions)) 180 return -ENODEV; 181 } 182 /* check for the pckmo subfunction we need now */ 183 if (!cpacf_test_func(&pckmo_functions, fc)) { 184 PKEY_DBF_ERR("%s pckmo functions not available\n", __func__); 185 return -ENODEV; 186 } 187 188 /* prepare param block */ 189 memset(paramblock, 0, sizeof(paramblock)); 190 memcpy(paramblock, clrkey, keysize); 191 192 /* call the pckmo instruction */ 193 cpacf_pckmo(fc, paramblock); 194 195 /* copy created protected key to key buffer including the wkvp block */ 196 *protkeylen = keysize + AES_WK_VP_SIZE; 197 memcpy(protkey, paramblock, *protkeylen); 198 *protkeytype = pkeytype; 199 200 return 0; 201 } 202 203 /* 204 * Find card and transform secure key into protected key. 205 */ 206 static int pkey_skey2pkey(const u8 *key, u8 *protkey, 207 u32 *protkeylen, u32 *protkeytype) 208 { 209 struct keytoken_header *hdr = (struct keytoken_header *)key; 210 u16 cardnr, domain; 211 int rc, verify; 212 213 zcrypt_wait_api_operational(); 214 215 /* 216 * The cca_xxx2protkey call may fail when a card has been 217 * addressed where the master key was changed after last fetch 218 * of the mkvp into the cache. Try 3 times: First without verify 219 * then with verify and last round with verify and old master 220 * key verification pattern match not ignored. 221 */ 222 for (verify = 0; verify < 3; verify++) { 223 rc = cca_findcard(key, &cardnr, &domain, verify); 224 if (rc < 0) 225 continue; 226 if (rc > 0 && verify < 2) 227 continue; 228 switch (hdr->version) { 229 case TOKVER_CCA_AES: 230 rc = cca_sec2protkey(cardnr, domain, key, 231 protkey, protkeylen, protkeytype); 232 break; 233 case TOKVER_CCA_VLSC: 234 rc = cca_cipher2protkey(cardnr, domain, key, 235 protkey, protkeylen, 236 protkeytype); 237 break; 238 default: 239 return -EINVAL; 240 } 241 if (rc == 0) 242 break; 243 } 244 245 if (rc) 246 pr_debug("%s failed rc=%d\n", __func__, rc); 247 248 return rc; 249 } 250 251 /* 252 * Construct EP11 key with given clear key value. 253 */ 254 static int pkey_clr2ep11key(const u8 *clrkey, size_t clrkeylen, 255 u8 *keybuf, size_t *keybuflen) 256 { 257 u32 nr_apqns, *apqns = NULL; 258 u16 card, dom; 259 int i, rc; 260 261 zcrypt_wait_api_operational(); 262 263 /* build a list of apqns suitable for ep11 keys with cpacf support */ 264 rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, 265 ZCRYPT_CEX7, 266 ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4, 267 NULL); 268 if (rc) 269 goto out; 270 271 /* go through the list of apqns and try to bild an ep11 key */ 272 for (rc = -ENODEV, i = 0; i < nr_apqns; i++) { 273 card = apqns[i] >> 16; 274 dom = apqns[i] & 0xFFFF; 275 rc = ep11_clr2keyblob(card, dom, clrkeylen * 8, 276 0, clrkey, keybuf, keybuflen, 277 PKEY_TYPE_EP11); 278 if (rc == 0) 279 break; 280 } 281 282 out: 283 kfree(apqns); 284 if (rc) 285 pr_debug("%s failed rc=%d\n", __func__, rc); 286 return rc; 287 } 288 289 /* 290 * Find card and transform EP11 secure key into protected key. 291 */ 292 static int pkey_ep11key2pkey(const u8 *key, size_t keylen, 293 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 294 { 295 u32 nr_apqns, *apqns = NULL; 296 int i, j, rc = -ENODEV; 297 u16 card, dom; 298 299 zcrypt_wait_api_operational(); 300 301 /* try two times in case of failure */ 302 for (i = 0; i < 2 && rc; i++) { 303 304 /* build a list of apqns suitable for this key */ 305 rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, 306 ZCRYPT_CEX7, 307 ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4, 308 ep11_kb_wkvp(key, keylen)); 309 if (rc) 310 continue; /* retry findcard on failure */ 311 312 /* go through the list of apqns and try to derive an pkey */ 313 for (rc = -ENODEV, j = 0; j < nr_apqns && rc; j++) { 314 card = apqns[j] >> 16; 315 dom = apqns[j] & 0xFFFF; 316 rc = ep11_kblob2protkey(card, dom, key, keylen, 317 protkey, protkeylen, protkeytype); 318 } 319 320 kfree(apqns); 321 } 322 323 if (rc) 324 pr_debug("%s failed rc=%d\n", __func__, rc); 325 326 return rc; 327 } 328 329 /* 330 * Verify key and give back some info about the key. 331 */ 332 static int pkey_verifykey(const struct pkey_seckey *seckey, 333 u16 *pcardnr, u16 *pdomain, 334 u16 *pkeysize, u32 *pattributes) 335 { 336 struct secaeskeytoken *t = (struct secaeskeytoken *)seckey; 337 u16 cardnr, domain; 338 int rc; 339 340 /* check the secure key for valid AES secure key */ 341 rc = cca_check_secaeskeytoken(pkey_dbf_info, 3, (u8 *)seckey, 0); 342 if (rc) 343 goto out; 344 if (pattributes) 345 *pattributes = PKEY_VERIFY_ATTR_AES; 346 if (pkeysize) 347 *pkeysize = t->bitsize; 348 349 /* try to find a card which can handle this key */ 350 rc = cca_findcard(seckey->seckey, &cardnr, &domain, 1); 351 if (rc < 0) 352 goto out; 353 354 if (rc > 0) { 355 /* key mkvp matches to old master key mkvp */ 356 pr_debug("%s secure key has old mkvp\n", __func__); 357 if (pattributes) 358 *pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP; 359 rc = 0; 360 } 361 362 if (pcardnr) 363 *pcardnr = cardnr; 364 if (pdomain) 365 *pdomain = domain; 366 367 out: 368 pr_debug("%s rc=%d\n", __func__, rc); 369 return rc; 370 } 371 372 /* 373 * Generate a random protected key 374 */ 375 static int pkey_genprotkey(u32 keytype, u8 *protkey, 376 u32 *protkeylen, u32 *protkeytype) 377 { 378 u8 clrkey[32]; 379 int keysize; 380 int rc; 381 382 keysize = pkey_keytype_aes_to_size(keytype); 383 if (!keysize) { 384 PKEY_DBF_ERR("%s unknown/unsupported keytype %d\n", __func__, 385 keytype); 386 return -EINVAL; 387 } 388 389 /* generate a dummy random clear key */ 390 get_random_bytes(clrkey, keysize); 391 392 /* convert it to a dummy protected key */ 393 rc = pkey_clr2protkey(keytype, clrkey, 394 protkey, protkeylen, protkeytype); 395 if (rc) 396 return rc; 397 398 /* replace the key part of the protected key with random bytes */ 399 get_random_bytes(protkey, keysize); 400 401 return 0; 402 } 403 404 /* 405 * Verify if a protected key is still valid 406 */ 407 static int pkey_verifyprotkey(const u8 *protkey, u32 protkeylen, 408 u32 protkeytype) 409 { 410 struct { 411 u8 iv[AES_BLOCK_SIZE]; 412 u8 key[MAXPROTKEYSIZE]; 413 } param; 414 u8 null_msg[AES_BLOCK_SIZE]; 415 u8 dest_buf[AES_BLOCK_SIZE]; 416 unsigned int k, pkeylen; 417 unsigned long fc; 418 419 switch (protkeytype) { 420 case PKEY_KEYTYPE_AES_128: 421 pkeylen = 16 + AES_WK_VP_SIZE; 422 fc = CPACF_KMC_PAES_128; 423 break; 424 case PKEY_KEYTYPE_AES_192: 425 pkeylen = 24 + AES_WK_VP_SIZE; 426 fc = CPACF_KMC_PAES_192; 427 break; 428 case PKEY_KEYTYPE_AES_256: 429 pkeylen = 32 + AES_WK_VP_SIZE; 430 fc = CPACF_KMC_PAES_256; 431 break; 432 default: 433 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", __func__, 434 protkeytype); 435 return -EINVAL; 436 } 437 if (protkeylen != pkeylen) { 438 PKEY_DBF_ERR("%s invalid protected key size %u for keytype %u\n", 439 __func__, protkeylen, protkeytype); 440 return -EINVAL; 441 } 442 443 memset(null_msg, 0, sizeof(null_msg)); 444 445 memset(param.iv, 0, sizeof(param.iv)); 446 memcpy(param.key, protkey, protkeylen); 447 448 k = cpacf_kmc(fc | CPACF_ENCRYPT, ¶m, null_msg, dest_buf, 449 sizeof(null_msg)); 450 if (k != sizeof(null_msg)) { 451 PKEY_DBF_ERR("%s protected key is not valid\n", __func__); 452 return -EKEYREJECTED; 453 } 454 455 return 0; 456 } 457 458 /* Helper for pkey_nonccatok2pkey, handles aes clear key token */ 459 static int nonccatokaes2pkey(const struct clearkeytoken *t, 460 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 461 { 462 size_t tmpbuflen = max_t(size_t, SECKEYBLOBSIZE, MAXEP11AESKEYBLOBSIZE); 463 u8 *tmpbuf = NULL; 464 u32 keysize; 465 int rc; 466 467 keysize = pkey_keytype_aes_to_size(t->keytype); 468 if (!keysize) { 469 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", 470 __func__, t->keytype); 471 return -EINVAL; 472 } 473 if (t->len != keysize) { 474 PKEY_DBF_ERR("%s non clear key aes token: invalid key len %u\n", 475 __func__, t->len); 476 return -EINVAL; 477 } 478 479 /* try direct way with the PCKMO instruction */ 480 rc = pkey_clr2protkey(t->keytype, t->clearkey, 481 protkey, protkeylen, protkeytype); 482 if (!rc) 483 goto out; 484 485 /* PCKMO failed, so try the CCA secure key way */ 486 tmpbuf = kmalloc(tmpbuflen, GFP_ATOMIC); 487 if (!tmpbuf) 488 return -ENOMEM; 489 zcrypt_wait_api_operational(); 490 rc = cca_clr2seckey(0xFFFF, 0xFFFF, t->keytype, t->clearkey, tmpbuf); 491 if (rc) 492 goto try_via_ep11; 493 rc = pkey_skey2pkey(tmpbuf, 494 protkey, protkeylen, protkeytype); 495 if (!rc) 496 goto out; 497 498 try_via_ep11: 499 /* if the CCA way also failed, let's try via EP11 */ 500 rc = pkey_clr2ep11key(t->clearkey, t->len, 501 tmpbuf, &tmpbuflen); 502 if (rc) 503 goto failure; 504 rc = pkey_ep11key2pkey(tmpbuf, tmpbuflen, 505 protkey, protkeylen, protkeytype); 506 if (!rc) 507 goto out; 508 509 failure: 510 PKEY_DBF_ERR("%s unable to build protected key from clear", __func__); 511 512 out: 513 kfree(tmpbuf); 514 return rc; 515 } 516 517 /* Helper for pkey_nonccatok2pkey, handles ecc clear key token */ 518 static int nonccatokecc2pkey(const struct clearkeytoken *t, 519 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 520 { 521 u32 keylen; 522 int rc; 523 524 switch (t->keytype) { 525 case PKEY_KEYTYPE_ECC_P256: 526 keylen = 32; 527 break; 528 case PKEY_KEYTYPE_ECC_P384: 529 keylen = 48; 530 break; 531 case PKEY_KEYTYPE_ECC_P521: 532 keylen = 80; 533 break; 534 case PKEY_KEYTYPE_ECC_ED25519: 535 keylen = 32; 536 break; 537 case PKEY_KEYTYPE_ECC_ED448: 538 keylen = 64; 539 break; 540 default: 541 PKEY_DBF_ERR("%s unknown/unsupported keytype %u\n", 542 __func__, t->keytype); 543 return -EINVAL; 544 } 545 546 if (t->len != keylen) { 547 PKEY_DBF_ERR("%s non clear key ecc token: invalid key len %u\n", 548 __func__, t->len); 549 return -EINVAL; 550 } 551 552 /* only one path possible: via PCKMO instruction */ 553 rc = pkey_clr2protkey(t->keytype, t->clearkey, 554 protkey, protkeylen, protkeytype); 555 if (rc) { 556 PKEY_DBF_ERR("%s unable to build protected key from clear", 557 __func__); 558 } 559 560 return rc; 561 } 562 563 /* 564 * Transform a non-CCA key token into a protected key 565 */ 566 static int pkey_nonccatok2pkey(const u8 *key, u32 keylen, 567 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 568 { 569 struct keytoken_header *hdr = (struct keytoken_header *)key; 570 int rc = -EINVAL; 571 572 switch (hdr->version) { 573 case TOKVER_PROTECTED_KEY: { 574 struct protaeskeytoken *t; 575 576 if (keylen != sizeof(struct protaeskeytoken)) 577 goto out; 578 t = (struct protaeskeytoken *)key; 579 rc = pkey_verifyprotkey(t->protkey, t->len, t->keytype); 580 if (rc) 581 goto out; 582 memcpy(protkey, t->protkey, t->len); 583 *protkeylen = t->len; 584 *protkeytype = t->keytype; 585 break; 586 } 587 case TOKVER_CLEAR_KEY: { 588 struct clearkeytoken *t = (struct clearkeytoken *)key; 589 590 if (keylen < sizeof(struct clearkeytoken) || 591 keylen != sizeof(*t) + t->len) 592 goto out; 593 switch (t->keytype) { 594 case PKEY_KEYTYPE_AES_128: 595 case PKEY_KEYTYPE_AES_192: 596 case PKEY_KEYTYPE_AES_256: 597 rc = nonccatokaes2pkey(t, protkey, 598 protkeylen, protkeytype); 599 break; 600 case PKEY_KEYTYPE_ECC_P256: 601 case PKEY_KEYTYPE_ECC_P384: 602 case PKEY_KEYTYPE_ECC_P521: 603 case PKEY_KEYTYPE_ECC_ED25519: 604 case PKEY_KEYTYPE_ECC_ED448: 605 rc = nonccatokecc2pkey(t, protkey, 606 protkeylen, protkeytype); 607 break; 608 default: 609 PKEY_DBF_ERR("%s unknown/unsupported non cca clear key type %u\n", 610 __func__, t->keytype); 611 return -EINVAL; 612 } 613 break; 614 } 615 case TOKVER_EP11_AES: { 616 /* check ep11 key for exportable as protected key */ 617 rc = ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1); 618 if (rc) 619 goto out; 620 rc = pkey_ep11key2pkey(key, keylen, 621 protkey, protkeylen, protkeytype); 622 break; 623 } 624 case TOKVER_EP11_AES_WITH_HEADER: 625 /* check ep11 key with header for exportable as protected key */ 626 rc = ep11_check_aes_key_with_hdr(pkey_dbf_info, 627 3, key, keylen, 1); 628 if (rc) 629 goto out; 630 rc = pkey_ep11key2pkey(key, keylen, 631 protkey, protkeylen, protkeytype); 632 break; 633 default: 634 PKEY_DBF_ERR("%s unknown/unsupported non-CCA token version %d\n", 635 __func__, hdr->version); 636 } 637 638 out: 639 return rc; 640 } 641 642 /* 643 * Transform a CCA internal key token into a protected key 644 */ 645 static int pkey_ccainttok2pkey(const u8 *key, u32 keylen, 646 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 647 { 648 struct keytoken_header *hdr = (struct keytoken_header *)key; 649 650 switch (hdr->version) { 651 case TOKVER_CCA_AES: 652 if (keylen != sizeof(struct secaeskeytoken)) 653 return -EINVAL; 654 break; 655 case TOKVER_CCA_VLSC: 656 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) 657 return -EINVAL; 658 break; 659 default: 660 PKEY_DBF_ERR("%s unknown/unsupported CCA internal token version %d\n", 661 __func__, hdr->version); 662 return -EINVAL; 663 } 664 665 return pkey_skey2pkey(key, protkey, protkeylen, protkeytype); 666 } 667 668 /* 669 * Transform a key blob (of any type) into a protected key 670 */ 671 int pkey_keyblob2pkey(const u8 *key, u32 keylen, 672 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 673 { 674 struct keytoken_header *hdr = (struct keytoken_header *)key; 675 int rc; 676 677 if (keylen < sizeof(struct keytoken_header)) { 678 PKEY_DBF_ERR("%s invalid keylen %d\n", __func__, keylen); 679 return -EINVAL; 680 } 681 682 switch (hdr->type) { 683 case TOKTYPE_NON_CCA: 684 rc = pkey_nonccatok2pkey(key, keylen, 685 protkey, protkeylen, protkeytype); 686 break; 687 case TOKTYPE_CCA_INTERNAL: 688 rc = pkey_ccainttok2pkey(key, keylen, 689 protkey, protkeylen, protkeytype); 690 break; 691 default: 692 PKEY_DBF_ERR("%s unknown/unsupported blob type %d\n", 693 __func__, hdr->type); 694 return -EINVAL; 695 } 696 697 pr_debug("%s rc=%d\n", __func__, rc); 698 return rc; 699 } 700 EXPORT_SYMBOL(pkey_keyblob2pkey); 701 702 static int pkey_genseckey2(const struct pkey_apqn *apqns, size_t nr_apqns, 703 enum pkey_key_type ktype, enum pkey_key_size ksize, 704 u32 kflags, u8 *keybuf, size_t *keybufsize) 705 { 706 int i, card, dom, rc; 707 708 /* check for at least one apqn given */ 709 if (!apqns || !nr_apqns) 710 return -EINVAL; 711 712 /* check key type and size */ 713 switch (ktype) { 714 case PKEY_TYPE_CCA_DATA: 715 case PKEY_TYPE_CCA_CIPHER: 716 if (*keybufsize < SECKEYBLOBSIZE) 717 return -EINVAL; 718 break; 719 case PKEY_TYPE_EP11: 720 if (*keybufsize < MINEP11AESKEYBLOBSIZE) 721 return -EINVAL; 722 break; 723 case PKEY_TYPE_EP11_AES: 724 if (*keybufsize < (sizeof(struct ep11kblob_header) + 725 MINEP11AESKEYBLOBSIZE)) 726 return -EINVAL; 727 break; 728 default: 729 return -EINVAL; 730 } 731 switch (ksize) { 732 case PKEY_SIZE_AES_128: 733 case PKEY_SIZE_AES_192: 734 case PKEY_SIZE_AES_256: 735 break; 736 default: 737 return -EINVAL; 738 } 739 740 /* simple try all apqns from the list */ 741 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 742 card = apqns[i].card; 743 dom = apqns[i].domain; 744 if (ktype == PKEY_TYPE_EP11 || 745 ktype == PKEY_TYPE_EP11_AES) { 746 rc = ep11_genaeskey(card, dom, ksize, kflags, 747 keybuf, keybufsize, ktype); 748 } else if (ktype == PKEY_TYPE_CCA_DATA) { 749 rc = cca_genseckey(card, dom, ksize, keybuf); 750 *keybufsize = (rc ? 0 : SECKEYBLOBSIZE); 751 } else { 752 /* TOKVER_CCA_VLSC */ 753 rc = cca_gencipherkey(card, dom, ksize, kflags, 754 keybuf, keybufsize); 755 } 756 if (rc == 0) 757 break; 758 } 759 760 return rc; 761 } 762 763 static int pkey_clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns, 764 enum pkey_key_type ktype, enum pkey_key_size ksize, 765 u32 kflags, const u8 *clrkey, 766 u8 *keybuf, size_t *keybufsize) 767 { 768 int i, card, dom, rc; 769 770 /* check for at least one apqn given */ 771 if (!apqns || !nr_apqns) 772 return -EINVAL; 773 774 /* check key type and size */ 775 switch (ktype) { 776 case PKEY_TYPE_CCA_DATA: 777 case PKEY_TYPE_CCA_CIPHER: 778 if (*keybufsize < SECKEYBLOBSIZE) 779 return -EINVAL; 780 break; 781 case PKEY_TYPE_EP11: 782 if (*keybufsize < MINEP11AESKEYBLOBSIZE) 783 return -EINVAL; 784 break; 785 case PKEY_TYPE_EP11_AES: 786 if (*keybufsize < (sizeof(struct ep11kblob_header) + 787 MINEP11AESKEYBLOBSIZE)) 788 return -EINVAL; 789 break; 790 default: 791 return -EINVAL; 792 } 793 switch (ksize) { 794 case PKEY_SIZE_AES_128: 795 case PKEY_SIZE_AES_192: 796 case PKEY_SIZE_AES_256: 797 break; 798 default: 799 return -EINVAL; 800 } 801 802 zcrypt_wait_api_operational(); 803 804 /* simple try all apqns from the list */ 805 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 806 card = apqns[i].card; 807 dom = apqns[i].domain; 808 if (ktype == PKEY_TYPE_EP11 || 809 ktype == PKEY_TYPE_EP11_AES) { 810 rc = ep11_clr2keyblob(card, dom, ksize, kflags, 811 clrkey, keybuf, keybufsize, 812 ktype); 813 } else if (ktype == PKEY_TYPE_CCA_DATA) { 814 rc = cca_clr2seckey(card, dom, ksize, 815 clrkey, keybuf); 816 *keybufsize = (rc ? 0 : SECKEYBLOBSIZE); 817 } else { 818 /* TOKVER_CCA_VLSC */ 819 rc = cca_clr2cipherkey(card, dom, ksize, kflags, 820 clrkey, keybuf, keybufsize); 821 } 822 if (rc == 0) 823 break; 824 } 825 826 return rc; 827 } 828 829 static int pkey_verifykey2(const u8 *key, size_t keylen, 830 u16 *cardnr, u16 *domain, 831 enum pkey_key_type *ktype, 832 enum pkey_key_size *ksize, u32 *flags) 833 { 834 struct keytoken_header *hdr = (struct keytoken_header *)key; 835 u32 _nr_apqns, *_apqns = NULL; 836 int rc; 837 838 if (keylen < sizeof(struct keytoken_header)) 839 return -EINVAL; 840 841 if (hdr->type == TOKTYPE_CCA_INTERNAL && 842 hdr->version == TOKVER_CCA_AES) { 843 struct secaeskeytoken *t = (struct secaeskeytoken *)key; 844 845 rc = cca_check_secaeskeytoken(pkey_dbf_info, 3, key, 0); 846 if (rc) 847 goto out; 848 if (ktype) 849 *ktype = PKEY_TYPE_CCA_DATA; 850 if (ksize) 851 *ksize = (enum pkey_key_size)t->bitsize; 852 853 rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, 854 ZCRYPT_CEX3C, AES_MK_SET, t->mkvp, 0, 1); 855 if (rc == 0 && flags) 856 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 857 if (rc == -ENODEV) { 858 rc = cca_findcard2(&_apqns, &_nr_apqns, 859 *cardnr, *domain, 860 ZCRYPT_CEX3C, AES_MK_SET, 861 0, t->mkvp, 1); 862 if (rc == 0 && flags) 863 *flags = PKEY_FLAGS_MATCH_ALT_MKVP; 864 } 865 if (rc) 866 goto out; 867 868 *cardnr = ((struct pkey_apqn *)_apqns)->card; 869 *domain = ((struct pkey_apqn *)_apqns)->domain; 870 871 } else if (hdr->type == TOKTYPE_CCA_INTERNAL && 872 hdr->version == TOKVER_CCA_VLSC) { 873 struct cipherkeytoken *t = (struct cipherkeytoken *)key; 874 875 rc = cca_check_secaescipherkey(pkey_dbf_info, 3, key, 0, 1); 876 if (rc) 877 goto out; 878 if (ktype) 879 *ktype = PKEY_TYPE_CCA_CIPHER; 880 if (ksize) { 881 *ksize = PKEY_SIZE_UNKNOWN; 882 if (!t->plfver && t->wpllen == 512) 883 *ksize = PKEY_SIZE_AES_128; 884 else if (!t->plfver && t->wpllen == 576) 885 *ksize = PKEY_SIZE_AES_192; 886 else if (!t->plfver && t->wpllen == 640) 887 *ksize = PKEY_SIZE_AES_256; 888 } 889 890 rc = cca_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, 891 ZCRYPT_CEX6, AES_MK_SET, t->mkvp0, 0, 1); 892 if (rc == 0 && flags) 893 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 894 if (rc == -ENODEV) { 895 rc = cca_findcard2(&_apqns, &_nr_apqns, 896 *cardnr, *domain, 897 ZCRYPT_CEX6, AES_MK_SET, 898 0, t->mkvp0, 1); 899 if (rc == 0 && flags) 900 *flags = PKEY_FLAGS_MATCH_ALT_MKVP; 901 } 902 if (rc) 903 goto out; 904 905 *cardnr = ((struct pkey_apqn *)_apqns)->card; 906 *domain = ((struct pkey_apqn *)_apqns)->domain; 907 908 } else if (hdr->type == TOKTYPE_NON_CCA && 909 hdr->version == TOKVER_EP11_AES) { 910 struct ep11keyblob *kb = (struct ep11keyblob *)key; 911 int api; 912 913 rc = ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1); 914 if (rc) 915 goto out; 916 if (ktype) 917 *ktype = PKEY_TYPE_EP11; 918 if (ksize) 919 *ksize = kb->head.bitlen; 920 921 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 922 rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, 923 ZCRYPT_CEX7, api, 924 ep11_kb_wkvp(key, keylen)); 925 if (rc) 926 goto out; 927 928 if (flags) 929 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 930 931 *cardnr = ((struct pkey_apqn *)_apqns)->card; 932 *domain = ((struct pkey_apqn *)_apqns)->domain; 933 934 } else if (hdr->type == TOKTYPE_NON_CCA && 935 hdr->version == TOKVER_EP11_AES_WITH_HEADER) { 936 struct ep11kblob_header *kh = (struct ep11kblob_header *)key; 937 int api; 938 939 rc = ep11_check_aes_key_with_hdr(pkey_dbf_info, 940 3, key, keylen, 1); 941 if (rc) 942 goto out; 943 if (ktype) 944 *ktype = PKEY_TYPE_EP11_AES; 945 if (ksize) 946 *ksize = kh->bitlen; 947 948 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 949 rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain, 950 ZCRYPT_CEX7, api, 951 ep11_kb_wkvp(key, keylen)); 952 if (rc) 953 goto out; 954 955 if (flags) 956 *flags = PKEY_FLAGS_MATCH_CUR_MKVP; 957 958 *cardnr = ((struct pkey_apqn *)_apqns)->card; 959 *domain = ((struct pkey_apqn *)_apqns)->domain; 960 } else { 961 rc = -EINVAL; 962 } 963 964 out: 965 kfree(_apqns); 966 return rc; 967 } 968 969 static int pkey_keyblob2pkey2(const struct pkey_apqn *apqns, size_t nr_apqns, 970 const u8 *key, size_t keylen, 971 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 972 { 973 struct keytoken_header *hdr = (struct keytoken_header *)key; 974 int i, card, dom, rc; 975 976 /* check for at least one apqn given */ 977 if (!apqns || !nr_apqns) 978 return -EINVAL; 979 980 if (keylen < sizeof(struct keytoken_header)) 981 return -EINVAL; 982 983 if (hdr->type == TOKTYPE_CCA_INTERNAL) { 984 if (hdr->version == TOKVER_CCA_AES) { 985 if (keylen != sizeof(struct secaeskeytoken)) 986 return -EINVAL; 987 if (cca_check_secaeskeytoken(pkey_dbf_info, 3, key, 0)) 988 return -EINVAL; 989 } else if (hdr->version == TOKVER_CCA_VLSC) { 990 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) 991 return -EINVAL; 992 if (cca_check_secaescipherkey(pkey_dbf_info, 993 3, key, 0, 1)) 994 return -EINVAL; 995 } else { 996 PKEY_DBF_ERR("%s unknown CCA internal token version %d\n", 997 __func__, hdr->version); 998 return -EINVAL; 999 } 1000 } else if (hdr->type == TOKTYPE_NON_CCA) { 1001 if (hdr->version == TOKVER_EP11_AES) { 1002 if (ep11_check_aes_key(pkey_dbf_info, 1003 3, key, keylen, 1)) 1004 return -EINVAL; 1005 } else if (hdr->version == TOKVER_EP11_AES_WITH_HEADER) { 1006 if (ep11_check_aes_key_with_hdr(pkey_dbf_info, 1007 3, key, keylen, 1)) 1008 return -EINVAL; 1009 } else { 1010 return pkey_nonccatok2pkey(key, keylen, 1011 protkey, protkeylen, 1012 protkeytype); 1013 } 1014 } else { 1015 PKEY_DBF_ERR("%s unknown/unsupported blob type %d\n", 1016 __func__, hdr->type); 1017 return -EINVAL; 1018 } 1019 1020 zcrypt_wait_api_operational(); 1021 1022 /* simple try all apqns from the list */ 1023 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 1024 card = apqns[i].card; 1025 dom = apqns[i].domain; 1026 if (hdr->type == TOKTYPE_CCA_INTERNAL && 1027 hdr->version == TOKVER_CCA_AES) { 1028 rc = cca_sec2protkey(card, dom, key, 1029 protkey, protkeylen, protkeytype); 1030 } else if (hdr->type == TOKTYPE_CCA_INTERNAL && 1031 hdr->version == TOKVER_CCA_VLSC) { 1032 rc = cca_cipher2protkey(card, dom, key, 1033 protkey, protkeylen, 1034 protkeytype); 1035 } else { 1036 rc = ep11_kblob2protkey(card, dom, key, keylen, 1037 protkey, protkeylen, 1038 protkeytype); 1039 } 1040 if (rc == 0) 1041 break; 1042 } 1043 1044 return rc; 1045 } 1046 1047 static int pkey_apqns4key(const u8 *key, size_t keylen, u32 flags, 1048 struct pkey_apqn *apqns, size_t *nr_apqns) 1049 { 1050 struct keytoken_header *hdr = (struct keytoken_header *)key; 1051 u32 _nr_apqns, *_apqns = NULL; 1052 int rc; 1053 1054 if (keylen < sizeof(struct keytoken_header) || flags == 0) 1055 return -EINVAL; 1056 1057 zcrypt_wait_api_operational(); 1058 1059 if (hdr->type == TOKTYPE_NON_CCA && 1060 (hdr->version == TOKVER_EP11_AES_WITH_HEADER || 1061 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) && 1062 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 1063 struct ep11keyblob *kb = (struct ep11keyblob *) 1064 (key + sizeof(struct ep11kblob_header)); 1065 int minhwtype = 0, api = 0; 1066 1067 if (flags != PKEY_FLAGS_MATCH_CUR_MKVP) 1068 return -EINVAL; 1069 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { 1070 minhwtype = ZCRYPT_CEX7; 1071 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 1072 } 1073 rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1074 minhwtype, api, kb->wkvp); 1075 if (rc) 1076 goto out; 1077 } else if (hdr->type == TOKTYPE_NON_CCA && 1078 hdr->version == TOKVER_EP11_AES && 1079 is_ep11_keyblob(key)) { 1080 struct ep11keyblob *kb = (struct ep11keyblob *)key; 1081 int minhwtype = 0, api = 0; 1082 1083 if (flags != PKEY_FLAGS_MATCH_CUR_MKVP) 1084 return -EINVAL; 1085 if (kb->attr & EP11_BLOB_PKEY_EXTRACTABLE) { 1086 minhwtype = ZCRYPT_CEX7; 1087 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 1088 } 1089 rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1090 minhwtype, api, kb->wkvp); 1091 if (rc) 1092 goto out; 1093 } else if (hdr->type == TOKTYPE_CCA_INTERNAL) { 1094 u64 cur_mkvp = 0, old_mkvp = 0; 1095 int minhwtype = ZCRYPT_CEX3C; 1096 1097 if (hdr->version == TOKVER_CCA_AES) { 1098 struct secaeskeytoken *t = (struct secaeskeytoken *)key; 1099 1100 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1101 cur_mkvp = t->mkvp; 1102 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1103 old_mkvp = t->mkvp; 1104 } else if (hdr->version == TOKVER_CCA_VLSC) { 1105 struct cipherkeytoken *t = (struct cipherkeytoken *)key; 1106 1107 minhwtype = ZCRYPT_CEX6; 1108 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1109 cur_mkvp = t->mkvp0; 1110 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1111 old_mkvp = t->mkvp0; 1112 } else { 1113 /* unknown cca internal token type */ 1114 return -EINVAL; 1115 } 1116 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1117 minhwtype, AES_MK_SET, 1118 cur_mkvp, old_mkvp, 1); 1119 if (rc) 1120 goto out; 1121 } else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) { 1122 struct eccprivkeytoken *t = (struct eccprivkeytoken *)key; 1123 u64 cur_mkvp = 0, old_mkvp = 0; 1124 1125 if (t->secid == 0x20) { 1126 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1127 cur_mkvp = t->mkvp; 1128 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1129 old_mkvp = t->mkvp; 1130 } else { 1131 /* unknown cca internal 2 token type */ 1132 return -EINVAL; 1133 } 1134 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1135 ZCRYPT_CEX7, APKA_MK_SET, 1136 cur_mkvp, old_mkvp, 1); 1137 if (rc) 1138 goto out; 1139 } else { 1140 return -EINVAL; 1141 } 1142 1143 if (apqns) { 1144 if (*nr_apqns < _nr_apqns) 1145 rc = -ENOSPC; 1146 else 1147 memcpy(apqns, _apqns, _nr_apqns * sizeof(u32)); 1148 } 1149 *nr_apqns = _nr_apqns; 1150 1151 out: 1152 kfree(_apqns); 1153 return rc; 1154 } 1155 1156 static int pkey_apqns4keytype(enum pkey_key_type ktype, 1157 u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags, 1158 struct pkey_apqn *apqns, size_t *nr_apqns) 1159 { 1160 u32 _nr_apqns, *_apqns = NULL; 1161 int rc; 1162 1163 zcrypt_wait_api_operational(); 1164 1165 if (ktype == PKEY_TYPE_CCA_DATA || ktype == PKEY_TYPE_CCA_CIPHER) { 1166 u64 cur_mkvp = 0, old_mkvp = 0; 1167 int minhwtype = ZCRYPT_CEX3C; 1168 1169 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1170 cur_mkvp = *((u64 *)cur_mkvp); 1171 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1172 old_mkvp = *((u64 *)alt_mkvp); 1173 if (ktype == PKEY_TYPE_CCA_CIPHER) 1174 minhwtype = ZCRYPT_CEX6; 1175 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1176 minhwtype, AES_MK_SET, 1177 cur_mkvp, old_mkvp, 1); 1178 if (rc) 1179 goto out; 1180 } else if (ktype == PKEY_TYPE_CCA_ECC) { 1181 u64 cur_mkvp = 0, old_mkvp = 0; 1182 1183 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1184 cur_mkvp = *((u64 *)cur_mkvp); 1185 if (flags & PKEY_FLAGS_MATCH_ALT_MKVP) 1186 old_mkvp = *((u64 *)alt_mkvp); 1187 rc = cca_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1188 ZCRYPT_CEX7, APKA_MK_SET, 1189 cur_mkvp, old_mkvp, 1); 1190 if (rc) 1191 goto out; 1192 1193 } else if (ktype == PKEY_TYPE_EP11 || 1194 ktype == PKEY_TYPE_EP11_AES || 1195 ktype == PKEY_TYPE_EP11_ECC) { 1196 u8 *wkvp = NULL; 1197 int api; 1198 1199 if (flags & PKEY_FLAGS_MATCH_CUR_MKVP) 1200 wkvp = cur_mkvp; 1201 api = ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4; 1202 rc = ep11_findcard2(&_apqns, &_nr_apqns, 0xFFFF, 0xFFFF, 1203 ZCRYPT_CEX7, api, wkvp); 1204 if (rc) 1205 goto out; 1206 1207 } else { 1208 return -EINVAL; 1209 } 1210 1211 if (apqns) { 1212 if (*nr_apqns < _nr_apqns) 1213 rc = -ENOSPC; 1214 else 1215 memcpy(apqns, _apqns, _nr_apqns * sizeof(u32)); 1216 } 1217 *nr_apqns = _nr_apqns; 1218 1219 out: 1220 kfree(_apqns); 1221 return rc; 1222 } 1223 1224 static int pkey_keyblob2pkey3(const struct pkey_apqn *apqns, size_t nr_apqns, 1225 const u8 *key, size_t keylen, 1226 u8 *protkey, u32 *protkeylen, u32 *protkeytype) 1227 { 1228 struct keytoken_header *hdr = (struct keytoken_header *)key; 1229 int i, card, dom, rc; 1230 1231 /* check for at least one apqn given */ 1232 if (!apqns || !nr_apqns) 1233 return -EINVAL; 1234 1235 if (keylen < sizeof(struct keytoken_header)) 1236 return -EINVAL; 1237 1238 if (hdr->type == TOKTYPE_NON_CCA && 1239 hdr->version == TOKVER_EP11_AES_WITH_HEADER && 1240 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 1241 /* EP11 AES key blob with header */ 1242 if (ep11_check_aes_key_with_hdr(pkey_dbf_info, 1243 3, key, keylen, 1)) 1244 return -EINVAL; 1245 } else if (hdr->type == TOKTYPE_NON_CCA && 1246 hdr->version == TOKVER_EP11_ECC_WITH_HEADER && 1247 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) { 1248 /* EP11 ECC key blob with header */ 1249 if (ep11_check_ecc_key_with_hdr(pkey_dbf_info, 1250 3, key, keylen, 1)) 1251 return -EINVAL; 1252 } else if (hdr->type == TOKTYPE_NON_CCA && 1253 hdr->version == TOKVER_EP11_AES && 1254 is_ep11_keyblob(key)) { 1255 /* EP11 AES key blob with header in session field */ 1256 if (ep11_check_aes_key(pkey_dbf_info, 3, key, keylen, 1)) 1257 return -EINVAL; 1258 } else if (hdr->type == TOKTYPE_CCA_INTERNAL) { 1259 if (hdr->version == TOKVER_CCA_AES) { 1260 /* CCA AES data key */ 1261 if (keylen != sizeof(struct secaeskeytoken)) 1262 return -EINVAL; 1263 if (cca_check_secaeskeytoken(pkey_dbf_info, 3, key, 0)) 1264 return -EINVAL; 1265 } else if (hdr->version == TOKVER_CCA_VLSC) { 1266 /* CCA AES cipher key */ 1267 if (keylen < hdr->len || keylen > MAXCCAVLSCTOKENSIZE) 1268 return -EINVAL; 1269 if (cca_check_secaescipherkey(pkey_dbf_info, 1270 3, key, 0, 1)) 1271 return -EINVAL; 1272 } else { 1273 PKEY_DBF_ERR("%s unknown CCA internal token version %d\n", 1274 __func__, hdr->version); 1275 return -EINVAL; 1276 } 1277 } else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) { 1278 /* CCA ECC (private) key */ 1279 if (keylen < sizeof(struct eccprivkeytoken)) 1280 return -EINVAL; 1281 if (cca_check_sececckeytoken(pkey_dbf_info, 3, key, keylen, 1)) 1282 return -EINVAL; 1283 } else if (hdr->type == TOKTYPE_NON_CCA) { 1284 return pkey_nonccatok2pkey(key, keylen, 1285 protkey, protkeylen, protkeytype); 1286 } else { 1287 PKEY_DBF_ERR("%s unknown/unsupported blob type %d\n", 1288 __func__, hdr->type); 1289 return -EINVAL; 1290 } 1291 1292 /* simple try all apqns from the list */ 1293 for (rc = -ENODEV, i = 0; rc && i < nr_apqns; i++) { 1294 card = apqns[i].card; 1295 dom = apqns[i].domain; 1296 if (hdr->type == TOKTYPE_NON_CCA && 1297 (hdr->version == TOKVER_EP11_AES_WITH_HEADER || 1298 hdr->version == TOKVER_EP11_ECC_WITH_HEADER) && 1299 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) 1300 rc = ep11_kblob2protkey(card, dom, key, hdr->len, 1301 protkey, protkeylen, 1302 protkeytype); 1303 else if (hdr->type == TOKTYPE_NON_CCA && 1304 hdr->version == TOKVER_EP11_AES && 1305 is_ep11_keyblob(key)) 1306 rc = ep11_kblob2protkey(card, dom, key, hdr->len, 1307 protkey, protkeylen, 1308 protkeytype); 1309 else if (hdr->type == TOKTYPE_CCA_INTERNAL && 1310 hdr->version == TOKVER_CCA_AES) 1311 rc = cca_sec2protkey(card, dom, key, protkey, 1312 protkeylen, protkeytype); 1313 else if (hdr->type == TOKTYPE_CCA_INTERNAL && 1314 hdr->version == TOKVER_CCA_VLSC) 1315 rc = cca_cipher2protkey(card, dom, key, protkey, 1316 protkeylen, protkeytype); 1317 else if (hdr->type == TOKTYPE_CCA_INTERNAL_PKA) 1318 rc = cca_ecc2protkey(card, dom, key, protkey, 1319 protkeylen, protkeytype); 1320 else 1321 return -EINVAL; 1322 } 1323 1324 return rc; 1325 } 1326 1327 /* 1328 * File io functions 1329 */ 1330 1331 static void *_copy_key_from_user(void __user *ukey, size_t keylen) 1332 { 1333 if (!ukey || keylen < MINKEYBLOBBUFSIZE || keylen > KEYBLOBBUFSIZE) 1334 return ERR_PTR(-EINVAL); 1335 1336 return memdup_user(ukey, keylen); 1337 } 1338 1339 static void *_copy_apqns_from_user(void __user *uapqns, size_t nr_apqns) 1340 { 1341 if (!uapqns || nr_apqns == 0) 1342 return NULL; 1343 1344 return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn)); 1345 } 1346 1347 static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, 1348 unsigned long arg) 1349 { 1350 int rc; 1351 1352 switch (cmd) { 1353 case PKEY_GENSECK: { 1354 struct pkey_genseck __user *ugs = (void __user *)arg; 1355 struct pkey_genseck kgs; 1356 1357 if (copy_from_user(&kgs, ugs, sizeof(kgs))) 1358 return -EFAULT; 1359 rc = cca_genseckey(kgs.cardnr, kgs.domain, 1360 kgs.keytype, kgs.seckey.seckey); 1361 pr_debug("%s cca_genseckey()=%d\n", __func__, rc); 1362 if (!rc && copy_to_user(ugs, &kgs, sizeof(kgs))) 1363 rc = -EFAULT; 1364 memzero_explicit(&kgs, sizeof(kgs)); 1365 break; 1366 } 1367 case PKEY_CLR2SECK: { 1368 struct pkey_clr2seck __user *ucs = (void __user *)arg; 1369 struct pkey_clr2seck kcs; 1370 1371 if (copy_from_user(&kcs, ucs, sizeof(kcs))) 1372 return -EFAULT; 1373 rc = cca_clr2seckey(kcs.cardnr, kcs.domain, kcs.keytype, 1374 kcs.clrkey.clrkey, kcs.seckey.seckey); 1375 pr_debug("%s cca_clr2seckey()=%d\n", __func__, rc); 1376 if (!rc && copy_to_user(ucs, &kcs, sizeof(kcs))) 1377 rc = -EFAULT; 1378 memzero_explicit(&kcs, sizeof(kcs)); 1379 break; 1380 } 1381 case PKEY_SEC2PROTK: { 1382 struct pkey_sec2protk __user *usp = (void __user *)arg; 1383 struct pkey_sec2protk ksp; 1384 1385 if (copy_from_user(&ksp, usp, sizeof(ksp))) 1386 return -EFAULT; 1387 ksp.protkey.len = sizeof(ksp.protkey.protkey); 1388 rc = cca_sec2protkey(ksp.cardnr, ksp.domain, 1389 ksp.seckey.seckey, ksp.protkey.protkey, 1390 &ksp.protkey.len, &ksp.protkey.type); 1391 pr_debug("%s cca_sec2protkey()=%d\n", __func__, rc); 1392 if (!rc && copy_to_user(usp, &ksp, sizeof(ksp))) 1393 rc = -EFAULT; 1394 memzero_explicit(&ksp, sizeof(ksp)); 1395 break; 1396 } 1397 case PKEY_CLR2PROTK: { 1398 struct pkey_clr2protk __user *ucp = (void __user *)arg; 1399 struct pkey_clr2protk kcp; 1400 1401 if (copy_from_user(&kcp, ucp, sizeof(kcp))) 1402 return -EFAULT; 1403 kcp.protkey.len = sizeof(kcp.protkey.protkey); 1404 rc = pkey_clr2protkey(kcp.keytype, kcp.clrkey.clrkey, 1405 kcp.protkey.protkey, 1406 &kcp.protkey.len, &kcp.protkey.type); 1407 pr_debug("%s pkey_clr2protkey()=%d\n", __func__, rc); 1408 if (!rc && copy_to_user(ucp, &kcp, sizeof(kcp))) 1409 rc = -EFAULT; 1410 memzero_explicit(&kcp, sizeof(kcp)); 1411 break; 1412 } 1413 case PKEY_FINDCARD: { 1414 struct pkey_findcard __user *ufc = (void __user *)arg; 1415 struct pkey_findcard kfc; 1416 1417 if (copy_from_user(&kfc, ufc, sizeof(kfc))) 1418 return -EFAULT; 1419 rc = cca_findcard(kfc.seckey.seckey, 1420 &kfc.cardnr, &kfc.domain, 1); 1421 pr_debug("%s cca_findcard()=%d\n", __func__, rc); 1422 if (rc < 0) 1423 break; 1424 if (copy_to_user(ufc, &kfc, sizeof(kfc))) 1425 return -EFAULT; 1426 break; 1427 } 1428 case PKEY_SKEY2PKEY: { 1429 struct pkey_skey2pkey __user *usp = (void __user *)arg; 1430 struct pkey_skey2pkey ksp; 1431 1432 if (copy_from_user(&ksp, usp, sizeof(ksp))) 1433 return -EFAULT; 1434 ksp.protkey.len = sizeof(ksp.protkey.protkey); 1435 rc = pkey_skey2pkey(ksp.seckey.seckey, ksp.protkey.protkey, 1436 &ksp.protkey.len, &ksp.protkey.type); 1437 pr_debug("%s pkey_skey2pkey()=%d\n", __func__, rc); 1438 if (!rc && copy_to_user(usp, &ksp, sizeof(ksp))) 1439 rc = -EFAULT; 1440 memzero_explicit(&ksp, sizeof(ksp)); 1441 break; 1442 } 1443 case PKEY_VERIFYKEY: { 1444 struct pkey_verifykey __user *uvk = (void __user *)arg; 1445 struct pkey_verifykey kvk; 1446 1447 if (copy_from_user(&kvk, uvk, sizeof(kvk))) 1448 return -EFAULT; 1449 rc = pkey_verifykey(&kvk.seckey, &kvk.cardnr, &kvk.domain, 1450 &kvk.keysize, &kvk.attributes); 1451 pr_debug("%s pkey_verifykey()=%d\n", __func__, rc); 1452 if (!rc && copy_to_user(uvk, &kvk, sizeof(kvk))) 1453 rc = -EFAULT; 1454 memzero_explicit(&kvk, sizeof(kvk)); 1455 break; 1456 } 1457 case PKEY_GENPROTK: { 1458 struct pkey_genprotk __user *ugp = (void __user *)arg; 1459 struct pkey_genprotk kgp; 1460 1461 if (copy_from_user(&kgp, ugp, sizeof(kgp))) 1462 return -EFAULT; 1463 kgp.protkey.len = sizeof(kgp.protkey.protkey); 1464 rc = pkey_genprotkey(kgp.keytype, kgp.protkey.protkey, 1465 &kgp.protkey.len, &kgp.protkey.type); 1466 pr_debug("%s pkey_genprotkey()=%d\n", __func__, rc); 1467 if (!rc && copy_to_user(ugp, &kgp, sizeof(kgp))) 1468 rc = -EFAULT; 1469 memzero_explicit(&kgp, sizeof(kgp)); 1470 break; 1471 } 1472 case PKEY_VERIFYPROTK: { 1473 struct pkey_verifyprotk __user *uvp = (void __user *)arg; 1474 struct pkey_verifyprotk kvp; 1475 1476 if (copy_from_user(&kvp, uvp, sizeof(kvp))) 1477 return -EFAULT; 1478 rc = pkey_verifyprotkey(kvp.protkey.protkey, 1479 kvp.protkey.len, kvp.protkey.type); 1480 pr_debug("%s pkey_verifyprotkey()=%d\n", __func__, rc); 1481 memzero_explicit(&kvp, sizeof(kvp)); 1482 break; 1483 } 1484 case PKEY_KBLOB2PROTK: { 1485 struct pkey_kblob2pkey __user *utp = (void __user *)arg; 1486 struct pkey_kblob2pkey ktp; 1487 u8 *kkey; 1488 1489 if (copy_from_user(&ktp, utp, sizeof(ktp))) 1490 return -EFAULT; 1491 kkey = _copy_key_from_user(ktp.key, ktp.keylen); 1492 if (IS_ERR(kkey)) 1493 return PTR_ERR(kkey); 1494 ktp.protkey.len = sizeof(ktp.protkey.protkey); 1495 rc = pkey_keyblob2pkey(kkey, ktp.keylen, ktp.protkey.protkey, 1496 &ktp.protkey.len, &ktp.protkey.type); 1497 pr_debug("%s pkey_keyblob2pkey()=%d\n", __func__, rc); 1498 kfree_sensitive(kkey); 1499 if (!rc && copy_to_user(utp, &ktp, sizeof(ktp))) 1500 rc = -EFAULT; 1501 memzero_explicit(&ktp, sizeof(ktp)); 1502 break; 1503 } 1504 case PKEY_GENSECK2: { 1505 struct pkey_genseck2 __user *ugs = (void __user *)arg; 1506 size_t klen = KEYBLOBBUFSIZE; 1507 struct pkey_genseck2 kgs; 1508 struct pkey_apqn *apqns; 1509 u8 *kkey; 1510 1511 if (copy_from_user(&kgs, ugs, sizeof(kgs))) 1512 return -EFAULT; 1513 apqns = _copy_apqns_from_user(kgs.apqns, kgs.apqn_entries); 1514 if (IS_ERR(apqns)) 1515 return PTR_ERR(apqns); 1516 kkey = kzalloc(klen, GFP_KERNEL); 1517 if (!kkey) { 1518 kfree(apqns); 1519 return -ENOMEM; 1520 } 1521 rc = pkey_genseckey2(apqns, kgs.apqn_entries, 1522 kgs.type, kgs.size, kgs.keygenflags, 1523 kkey, &klen); 1524 pr_debug("%s pkey_genseckey2()=%d\n", __func__, rc); 1525 kfree(apqns); 1526 if (rc) { 1527 kfree_sensitive(kkey); 1528 break; 1529 } 1530 if (kgs.key) { 1531 if (kgs.keylen < klen) { 1532 kfree_sensitive(kkey); 1533 return -EINVAL; 1534 } 1535 if (copy_to_user(kgs.key, kkey, klen)) { 1536 kfree_sensitive(kkey); 1537 return -EFAULT; 1538 } 1539 } 1540 kgs.keylen = klen; 1541 if (copy_to_user(ugs, &kgs, sizeof(kgs))) 1542 rc = -EFAULT; 1543 kfree_sensitive(kkey); 1544 break; 1545 } 1546 case PKEY_CLR2SECK2: { 1547 struct pkey_clr2seck2 __user *ucs = (void __user *)arg; 1548 size_t klen = KEYBLOBBUFSIZE; 1549 struct pkey_clr2seck2 kcs; 1550 struct pkey_apqn *apqns; 1551 u8 *kkey; 1552 1553 if (copy_from_user(&kcs, ucs, sizeof(kcs))) 1554 return -EFAULT; 1555 apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries); 1556 if (IS_ERR(apqns)) { 1557 memzero_explicit(&kcs, sizeof(kcs)); 1558 return PTR_ERR(apqns); 1559 } 1560 kkey = kzalloc(klen, GFP_KERNEL); 1561 if (!kkey) { 1562 kfree(apqns); 1563 memzero_explicit(&kcs, sizeof(kcs)); 1564 return -ENOMEM; 1565 } 1566 rc = pkey_clr2seckey2(apqns, kcs.apqn_entries, 1567 kcs.type, kcs.size, kcs.keygenflags, 1568 kcs.clrkey.clrkey, kkey, &klen); 1569 pr_debug("%s pkey_clr2seckey2()=%d\n", __func__, rc); 1570 kfree(apqns); 1571 if (rc) { 1572 kfree_sensitive(kkey); 1573 memzero_explicit(&kcs, sizeof(kcs)); 1574 break; 1575 } 1576 if (kcs.key) { 1577 if (kcs.keylen < klen) { 1578 kfree_sensitive(kkey); 1579 memzero_explicit(&kcs, sizeof(kcs)); 1580 return -EINVAL; 1581 } 1582 if (copy_to_user(kcs.key, kkey, klen)) { 1583 kfree_sensitive(kkey); 1584 memzero_explicit(&kcs, sizeof(kcs)); 1585 return -EFAULT; 1586 } 1587 } 1588 kcs.keylen = klen; 1589 if (copy_to_user(ucs, &kcs, sizeof(kcs))) 1590 rc = -EFAULT; 1591 memzero_explicit(&kcs, sizeof(kcs)); 1592 kfree_sensitive(kkey); 1593 break; 1594 } 1595 case PKEY_VERIFYKEY2: { 1596 struct pkey_verifykey2 __user *uvk = (void __user *)arg; 1597 struct pkey_verifykey2 kvk; 1598 u8 *kkey; 1599 1600 if (copy_from_user(&kvk, uvk, sizeof(kvk))) 1601 return -EFAULT; 1602 kkey = _copy_key_from_user(kvk.key, kvk.keylen); 1603 if (IS_ERR(kkey)) 1604 return PTR_ERR(kkey); 1605 rc = pkey_verifykey2(kkey, kvk.keylen, 1606 &kvk.cardnr, &kvk.domain, 1607 &kvk.type, &kvk.size, &kvk.flags); 1608 pr_debug("%s pkey_verifykey2()=%d\n", __func__, rc); 1609 kfree_sensitive(kkey); 1610 if (rc) 1611 break; 1612 if (copy_to_user(uvk, &kvk, sizeof(kvk))) 1613 return -EFAULT; 1614 break; 1615 } 1616 case PKEY_KBLOB2PROTK2: { 1617 struct pkey_kblob2pkey2 __user *utp = (void __user *)arg; 1618 struct pkey_apqn *apqns = NULL; 1619 struct pkey_kblob2pkey2 ktp; 1620 u8 *kkey; 1621 1622 if (copy_from_user(&ktp, utp, sizeof(ktp))) 1623 return -EFAULT; 1624 apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries); 1625 if (IS_ERR(apqns)) 1626 return PTR_ERR(apqns); 1627 kkey = _copy_key_from_user(ktp.key, ktp.keylen); 1628 if (IS_ERR(kkey)) { 1629 kfree(apqns); 1630 return PTR_ERR(kkey); 1631 } 1632 ktp.protkey.len = sizeof(ktp.protkey.protkey); 1633 rc = pkey_keyblob2pkey2(apqns, ktp.apqn_entries, 1634 kkey, ktp.keylen, 1635 ktp.protkey.protkey, &ktp.protkey.len, 1636 &ktp.protkey.type); 1637 pr_debug("%s pkey_keyblob2pkey2()=%d\n", __func__, rc); 1638 kfree(apqns); 1639 kfree_sensitive(kkey); 1640 if (!rc && copy_to_user(utp, &ktp, sizeof(ktp))) 1641 rc = -EFAULT; 1642 memzero_explicit(&ktp, sizeof(ktp)); 1643 break; 1644 } 1645 case PKEY_APQNS4K: { 1646 struct pkey_apqns4key __user *uak = (void __user *)arg; 1647 struct pkey_apqn *apqns = NULL; 1648 struct pkey_apqns4key kak; 1649 size_t nr_apqns, len; 1650 u8 *kkey; 1651 1652 if (copy_from_user(&kak, uak, sizeof(kak))) 1653 return -EFAULT; 1654 nr_apqns = kak.apqn_entries; 1655 if (nr_apqns) { 1656 apqns = kmalloc_array(nr_apqns, 1657 sizeof(struct pkey_apqn), 1658 GFP_KERNEL); 1659 if (!apqns) 1660 return -ENOMEM; 1661 } 1662 kkey = _copy_key_from_user(kak.key, kak.keylen); 1663 if (IS_ERR(kkey)) { 1664 kfree(apqns); 1665 return PTR_ERR(kkey); 1666 } 1667 rc = pkey_apqns4key(kkey, kak.keylen, kak.flags, 1668 apqns, &nr_apqns); 1669 pr_debug("%s pkey_apqns4key()=%d\n", __func__, rc); 1670 kfree_sensitive(kkey); 1671 if (rc && rc != -ENOSPC) { 1672 kfree(apqns); 1673 break; 1674 } 1675 if (!rc && kak.apqns) { 1676 if (nr_apqns > kak.apqn_entries) { 1677 kfree(apqns); 1678 return -EINVAL; 1679 } 1680 len = nr_apqns * sizeof(struct pkey_apqn); 1681 if (len) { 1682 if (copy_to_user(kak.apqns, apqns, len)) { 1683 kfree(apqns); 1684 return -EFAULT; 1685 } 1686 } 1687 } 1688 kak.apqn_entries = nr_apqns; 1689 if (copy_to_user(uak, &kak, sizeof(kak))) 1690 rc = -EFAULT; 1691 kfree(apqns); 1692 break; 1693 } 1694 case PKEY_APQNS4KT: { 1695 struct pkey_apqns4keytype __user *uat = (void __user *)arg; 1696 struct pkey_apqn *apqns = NULL; 1697 struct pkey_apqns4keytype kat; 1698 size_t nr_apqns, len; 1699 1700 if (copy_from_user(&kat, uat, sizeof(kat))) 1701 return -EFAULT; 1702 nr_apqns = kat.apqn_entries; 1703 if (nr_apqns) { 1704 apqns = kmalloc_array(nr_apqns, 1705 sizeof(struct pkey_apqn), 1706 GFP_KERNEL); 1707 if (!apqns) 1708 return -ENOMEM; 1709 } 1710 rc = pkey_apqns4keytype(kat.type, kat.cur_mkvp, kat.alt_mkvp, 1711 kat.flags, apqns, &nr_apqns); 1712 pr_debug("%s pkey_apqns4keytype()=%d\n", __func__, rc); 1713 if (rc && rc != -ENOSPC) { 1714 kfree(apqns); 1715 break; 1716 } 1717 if (!rc && kat.apqns) { 1718 if (nr_apqns > kat.apqn_entries) { 1719 kfree(apqns); 1720 return -EINVAL; 1721 } 1722 len = nr_apqns * sizeof(struct pkey_apqn); 1723 if (len) { 1724 if (copy_to_user(kat.apqns, apqns, len)) { 1725 kfree(apqns); 1726 return -EFAULT; 1727 } 1728 } 1729 } 1730 kat.apqn_entries = nr_apqns; 1731 if (copy_to_user(uat, &kat, sizeof(kat))) 1732 rc = -EFAULT; 1733 kfree(apqns); 1734 break; 1735 } 1736 case PKEY_KBLOB2PROTK3: { 1737 struct pkey_kblob2pkey3 __user *utp = (void __user *)arg; 1738 u32 protkeylen = PROTKEYBLOBBUFSIZE; 1739 struct pkey_apqn *apqns = NULL; 1740 struct pkey_kblob2pkey3 ktp; 1741 u8 *kkey, *protkey; 1742 1743 if (copy_from_user(&ktp, utp, sizeof(ktp))) 1744 return -EFAULT; 1745 apqns = _copy_apqns_from_user(ktp.apqns, ktp.apqn_entries); 1746 if (IS_ERR(apqns)) 1747 return PTR_ERR(apqns); 1748 kkey = _copy_key_from_user(ktp.key, ktp.keylen); 1749 if (IS_ERR(kkey)) { 1750 kfree(apqns); 1751 return PTR_ERR(kkey); 1752 } 1753 protkey = kmalloc(protkeylen, GFP_KERNEL); 1754 if (!protkey) { 1755 kfree(apqns); 1756 kfree_sensitive(kkey); 1757 return -ENOMEM; 1758 } 1759 rc = pkey_keyblob2pkey3(apqns, ktp.apqn_entries, 1760 kkey, ktp.keylen, 1761 protkey, &protkeylen, &ktp.pkeytype); 1762 pr_debug("%s pkey_keyblob2pkey3()=%d\n", __func__, rc); 1763 kfree(apqns); 1764 kfree_sensitive(kkey); 1765 if (rc) { 1766 kfree_sensitive(protkey); 1767 break; 1768 } 1769 if (ktp.pkey && ktp.pkeylen) { 1770 if (protkeylen > ktp.pkeylen) { 1771 kfree_sensitive(protkey); 1772 return -EINVAL; 1773 } 1774 if (copy_to_user(ktp.pkey, protkey, protkeylen)) { 1775 kfree_sensitive(protkey); 1776 return -EFAULT; 1777 } 1778 } 1779 kfree_sensitive(protkey); 1780 ktp.pkeylen = protkeylen; 1781 if (copy_to_user(utp, &ktp, sizeof(ktp))) 1782 return -EFAULT; 1783 break; 1784 } 1785 default: 1786 /* unknown/unsupported ioctl cmd */ 1787 return -ENOTTY; 1788 } 1789 1790 return rc; 1791 } 1792 1793 /* 1794 * Sysfs and file io operations 1795 */ 1796 1797 /* 1798 * Sysfs attribute read function for all protected key binary attributes. 1799 * The implementation can not deal with partial reads, because a new random 1800 * protected key blob is generated with each read. In case of partial reads 1801 * (i.e. off != 0 or count < key blob size) -EINVAL is returned. 1802 */ 1803 static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf, 1804 loff_t off, size_t count) 1805 { 1806 struct protaeskeytoken protkeytoken; 1807 struct pkey_protkey protkey; 1808 int rc; 1809 1810 if (off != 0 || count < sizeof(protkeytoken)) 1811 return -EINVAL; 1812 if (is_xts) 1813 if (count < 2 * sizeof(protkeytoken)) 1814 return -EINVAL; 1815 1816 memset(&protkeytoken, 0, sizeof(protkeytoken)); 1817 protkeytoken.type = TOKTYPE_NON_CCA; 1818 protkeytoken.version = TOKVER_PROTECTED_KEY; 1819 protkeytoken.keytype = keytype; 1820 1821 protkey.len = sizeof(protkey.protkey); 1822 rc = pkey_genprotkey(protkeytoken.keytype, 1823 protkey.protkey, &protkey.len, &protkey.type); 1824 if (rc) 1825 return rc; 1826 1827 protkeytoken.len = protkey.len; 1828 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len); 1829 1830 memcpy(buf, &protkeytoken, sizeof(protkeytoken)); 1831 1832 if (is_xts) { 1833 /* xts needs a second protected key, reuse protkey struct */ 1834 protkey.len = sizeof(protkey.protkey); 1835 rc = pkey_genprotkey(protkeytoken.keytype, 1836 protkey.protkey, &protkey.len, &protkey.type); 1837 if (rc) 1838 return rc; 1839 1840 protkeytoken.len = protkey.len; 1841 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len); 1842 1843 memcpy(buf + sizeof(protkeytoken), &protkeytoken, 1844 sizeof(protkeytoken)); 1845 1846 return 2 * sizeof(protkeytoken); 1847 } 1848 1849 return sizeof(protkeytoken); 1850 } 1851 1852 static ssize_t protkey_aes_128_read(struct file *filp, 1853 struct kobject *kobj, 1854 struct bin_attribute *attr, 1855 char *buf, loff_t off, 1856 size_t count) 1857 { 1858 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf, 1859 off, count); 1860 } 1861 1862 static ssize_t protkey_aes_192_read(struct file *filp, 1863 struct kobject *kobj, 1864 struct bin_attribute *attr, 1865 char *buf, loff_t off, 1866 size_t count) 1867 { 1868 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf, 1869 off, count); 1870 } 1871 1872 static ssize_t protkey_aes_256_read(struct file *filp, 1873 struct kobject *kobj, 1874 struct bin_attribute *attr, 1875 char *buf, loff_t off, 1876 size_t count) 1877 { 1878 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf, 1879 off, count); 1880 } 1881 1882 static ssize_t protkey_aes_128_xts_read(struct file *filp, 1883 struct kobject *kobj, 1884 struct bin_attribute *attr, 1885 char *buf, loff_t off, 1886 size_t count) 1887 { 1888 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf, 1889 off, count); 1890 } 1891 1892 static ssize_t protkey_aes_256_xts_read(struct file *filp, 1893 struct kobject *kobj, 1894 struct bin_attribute *attr, 1895 char *buf, loff_t off, 1896 size_t count) 1897 { 1898 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf, 1899 off, count); 1900 } 1901 1902 static BIN_ATTR_RO(protkey_aes_128, sizeof(struct protaeskeytoken)); 1903 static BIN_ATTR_RO(protkey_aes_192, sizeof(struct protaeskeytoken)); 1904 static BIN_ATTR_RO(protkey_aes_256, sizeof(struct protaeskeytoken)); 1905 static BIN_ATTR_RO(protkey_aes_128_xts, 2 * sizeof(struct protaeskeytoken)); 1906 static BIN_ATTR_RO(protkey_aes_256_xts, 2 * sizeof(struct protaeskeytoken)); 1907 1908 static struct bin_attribute *protkey_attrs[] = { 1909 &bin_attr_protkey_aes_128, 1910 &bin_attr_protkey_aes_192, 1911 &bin_attr_protkey_aes_256, 1912 &bin_attr_protkey_aes_128_xts, 1913 &bin_attr_protkey_aes_256_xts, 1914 NULL 1915 }; 1916 1917 static struct attribute_group protkey_attr_group = { 1918 .name = "protkey", 1919 .bin_attrs = protkey_attrs, 1920 }; 1921 1922 /* 1923 * Sysfs attribute read function for all secure key ccadata binary attributes. 1924 * The implementation can not deal with partial reads, because a new random 1925 * protected key blob is generated with each read. In case of partial reads 1926 * (i.e. off != 0 or count < key blob size) -EINVAL is returned. 1927 */ 1928 static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf, 1929 loff_t off, size_t count) 1930 { 1931 struct pkey_seckey *seckey = (struct pkey_seckey *)buf; 1932 int rc; 1933 1934 if (off != 0 || count < sizeof(struct secaeskeytoken)) 1935 return -EINVAL; 1936 if (is_xts) 1937 if (count < 2 * sizeof(struct secaeskeytoken)) 1938 return -EINVAL; 1939 1940 rc = cca_genseckey(-1, -1, keytype, seckey->seckey); 1941 if (rc) 1942 return rc; 1943 1944 if (is_xts) { 1945 seckey++; 1946 rc = cca_genseckey(-1, -1, keytype, seckey->seckey); 1947 if (rc) 1948 return rc; 1949 1950 return 2 * sizeof(struct secaeskeytoken); 1951 } 1952 1953 return sizeof(struct secaeskeytoken); 1954 } 1955 1956 static ssize_t ccadata_aes_128_read(struct file *filp, 1957 struct kobject *kobj, 1958 struct bin_attribute *attr, 1959 char *buf, loff_t off, 1960 size_t count) 1961 { 1962 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf, 1963 off, count); 1964 } 1965 1966 static ssize_t ccadata_aes_192_read(struct file *filp, 1967 struct kobject *kobj, 1968 struct bin_attribute *attr, 1969 char *buf, loff_t off, 1970 size_t count) 1971 { 1972 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf, 1973 off, count); 1974 } 1975 1976 static ssize_t ccadata_aes_256_read(struct file *filp, 1977 struct kobject *kobj, 1978 struct bin_attribute *attr, 1979 char *buf, loff_t off, 1980 size_t count) 1981 { 1982 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf, 1983 off, count); 1984 } 1985 1986 static ssize_t ccadata_aes_128_xts_read(struct file *filp, 1987 struct kobject *kobj, 1988 struct bin_attribute *attr, 1989 char *buf, loff_t off, 1990 size_t count) 1991 { 1992 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf, 1993 off, count); 1994 } 1995 1996 static ssize_t ccadata_aes_256_xts_read(struct file *filp, 1997 struct kobject *kobj, 1998 struct bin_attribute *attr, 1999 char *buf, loff_t off, 2000 size_t count) 2001 { 2002 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf, 2003 off, count); 2004 } 2005 2006 static BIN_ATTR_RO(ccadata_aes_128, sizeof(struct secaeskeytoken)); 2007 static BIN_ATTR_RO(ccadata_aes_192, sizeof(struct secaeskeytoken)); 2008 static BIN_ATTR_RO(ccadata_aes_256, sizeof(struct secaeskeytoken)); 2009 static BIN_ATTR_RO(ccadata_aes_128_xts, 2 * sizeof(struct secaeskeytoken)); 2010 static BIN_ATTR_RO(ccadata_aes_256_xts, 2 * sizeof(struct secaeskeytoken)); 2011 2012 static struct bin_attribute *ccadata_attrs[] = { 2013 &bin_attr_ccadata_aes_128, 2014 &bin_attr_ccadata_aes_192, 2015 &bin_attr_ccadata_aes_256, 2016 &bin_attr_ccadata_aes_128_xts, 2017 &bin_attr_ccadata_aes_256_xts, 2018 NULL 2019 }; 2020 2021 static struct attribute_group ccadata_attr_group = { 2022 .name = "ccadata", 2023 .bin_attrs = ccadata_attrs, 2024 }; 2025 2026 #define CCACIPHERTOKENSIZE (sizeof(struct cipherkeytoken) + 80) 2027 2028 /* 2029 * Sysfs attribute read function for all secure key ccacipher binary attributes. 2030 * The implementation can not deal with partial reads, because a new random 2031 * secure key blob is generated with each read. In case of partial reads 2032 * (i.e. off != 0 or count < key blob size) -EINVAL is returned. 2033 */ 2034 static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits, 2035 bool is_xts, char *buf, loff_t off, 2036 size_t count) 2037 { 2038 size_t keysize = CCACIPHERTOKENSIZE; 2039 u32 nr_apqns, *apqns = NULL; 2040 int i, rc, card, dom; 2041 2042 if (off != 0 || count < CCACIPHERTOKENSIZE) 2043 return -EINVAL; 2044 if (is_xts) 2045 if (count < 2 * CCACIPHERTOKENSIZE) 2046 return -EINVAL; 2047 2048 /* build a list of apqns able to generate an cipher key */ 2049 rc = cca_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, 2050 ZCRYPT_CEX6, 0, 0, 0, 0); 2051 if (rc) 2052 return rc; 2053 2054 memset(buf, 0, is_xts ? 2 * keysize : keysize); 2055 2056 /* simple try all apqns from the list */ 2057 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 2058 card = apqns[i] >> 16; 2059 dom = apqns[i] & 0xFFFF; 2060 rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize); 2061 if (rc == 0) 2062 break; 2063 } 2064 if (rc) 2065 return rc; 2066 2067 if (is_xts) { 2068 keysize = CCACIPHERTOKENSIZE; 2069 buf += CCACIPHERTOKENSIZE; 2070 rc = cca_gencipherkey(card, dom, keybits, 0, buf, &keysize); 2071 if (rc == 0) 2072 return 2 * CCACIPHERTOKENSIZE; 2073 } 2074 2075 return CCACIPHERTOKENSIZE; 2076 } 2077 2078 static ssize_t ccacipher_aes_128_read(struct file *filp, 2079 struct kobject *kobj, 2080 struct bin_attribute *attr, 2081 char *buf, loff_t off, 2082 size_t count) 2083 { 2084 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, false, buf, 2085 off, count); 2086 } 2087 2088 static ssize_t ccacipher_aes_192_read(struct file *filp, 2089 struct kobject *kobj, 2090 struct bin_attribute *attr, 2091 char *buf, loff_t off, 2092 size_t count) 2093 { 2094 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_192, false, buf, 2095 off, count); 2096 } 2097 2098 static ssize_t ccacipher_aes_256_read(struct file *filp, 2099 struct kobject *kobj, 2100 struct bin_attribute *attr, 2101 char *buf, loff_t off, 2102 size_t count) 2103 { 2104 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, false, buf, 2105 off, count); 2106 } 2107 2108 static ssize_t ccacipher_aes_128_xts_read(struct file *filp, 2109 struct kobject *kobj, 2110 struct bin_attribute *attr, 2111 char *buf, loff_t off, 2112 size_t count) 2113 { 2114 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, true, buf, 2115 off, count); 2116 } 2117 2118 static ssize_t ccacipher_aes_256_xts_read(struct file *filp, 2119 struct kobject *kobj, 2120 struct bin_attribute *attr, 2121 char *buf, loff_t off, 2122 size_t count) 2123 { 2124 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, true, buf, 2125 off, count); 2126 } 2127 2128 static BIN_ATTR_RO(ccacipher_aes_128, CCACIPHERTOKENSIZE); 2129 static BIN_ATTR_RO(ccacipher_aes_192, CCACIPHERTOKENSIZE); 2130 static BIN_ATTR_RO(ccacipher_aes_256, CCACIPHERTOKENSIZE); 2131 static BIN_ATTR_RO(ccacipher_aes_128_xts, 2 * CCACIPHERTOKENSIZE); 2132 static BIN_ATTR_RO(ccacipher_aes_256_xts, 2 * CCACIPHERTOKENSIZE); 2133 2134 static struct bin_attribute *ccacipher_attrs[] = { 2135 &bin_attr_ccacipher_aes_128, 2136 &bin_attr_ccacipher_aes_192, 2137 &bin_attr_ccacipher_aes_256, 2138 &bin_attr_ccacipher_aes_128_xts, 2139 &bin_attr_ccacipher_aes_256_xts, 2140 NULL 2141 }; 2142 2143 static struct attribute_group ccacipher_attr_group = { 2144 .name = "ccacipher", 2145 .bin_attrs = ccacipher_attrs, 2146 }; 2147 2148 /* 2149 * Sysfs attribute read function for all ep11 aes key binary attributes. 2150 * The implementation can not deal with partial reads, because a new random 2151 * secure key blob is generated with each read. In case of partial reads 2152 * (i.e. off != 0 or count < key blob size) -EINVAL is returned. 2153 * This function and the sysfs attributes using it provide EP11 key blobs 2154 * padded to the upper limit of MAXEP11AESKEYBLOBSIZE which is currently 2155 * 336 bytes. 2156 */ 2157 static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits, 2158 bool is_xts, char *buf, loff_t off, 2159 size_t count) 2160 { 2161 size_t keysize = MAXEP11AESKEYBLOBSIZE; 2162 u32 nr_apqns, *apqns = NULL; 2163 int i, rc, card, dom; 2164 2165 if (off != 0 || count < MAXEP11AESKEYBLOBSIZE) 2166 return -EINVAL; 2167 if (is_xts) 2168 if (count < 2 * MAXEP11AESKEYBLOBSIZE) 2169 return -EINVAL; 2170 2171 /* build a list of apqns able to generate an cipher key */ 2172 rc = ep11_findcard2(&apqns, &nr_apqns, 0xFFFF, 0xFFFF, 2173 ZCRYPT_CEX7, 2174 ap_is_se_guest() ? EP11_API_V6 : EP11_API_V4, 2175 NULL); 2176 if (rc) 2177 return rc; 2178 2179 memset(buf, 0, is_xts ? 2 * keysize : keysize); 2180 2181 /* simple try all apqns from the list */ 2182 for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { 2183 card = apqns[i] >> 16; 2184 dom = apqns[i] & 0xFFFF; 2185 rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize, 2186 PKEY_TYPE_EP11_AES); 2187 if (rc == 0) 2188 break; 2189 } 2190 if (rc) 2191 return rc; 2192 2193 if (is_xts) { 2194 keysize = MAXEP11AESKEYBLOBSIZE; 2195 buf += MAXEP11AESKEYBLOBSIZE; 2196 rc = ep11_genaeskey(card, dom, keybits, 0, buf, &keysize, 2197 PKEY_TYPE_EP11_AES); 2198 if (rc == 0) 2199 return 2 * MAXEP11AESKEYBLOBSIZE; 2200 } 2201 2202 return MAXEP11AESKEYBLOBSIZE; 2203 } 2204 2205 static ssize_t ep11_aes_128_read(struct file *filp, 2206 struct kobject *kobj, 2207 struct bin_attribute *attr, 2208 char *buf, loff_t off, 2209 size_t count) 2210 { 2211 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, false, buf, 2212 off, count); 2213 } 2214 2215 static ssize_t ep11_aes_192_read(struct file *filp, 2216 struct kobject *kobj, 2217 struct bin_attribute *attr, 2218 char *buf, loff_t off, 2219 size_t count) 2220 { 2221 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_192, false, buf, 2222 off, count); 2223 } 2224 2225 static ssize_t ep11_aes_256_read(struct file *filp, 2226 struct kobject *kobj, 2227 struct bin_attribute *attr, 2228 char *buf, loff_t off, 2229 size_t count) 2230 { 2231 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, false, buf, 2232 off, count); 2233 } 2234 2235 static ssize_t ep11_aes_128_xts_read(struct file *filp, 2236 struct kobject *kobj, 2237 struct bin_attribute *attr, 2238 char *buf, loff_t off, 2239 size_t count) 2240 { 2241 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, true, buf, 2242 off, count); 2243 } 2244 2245 static ssize_t ep11_aes_256_xts_read(struct file *filp, 2246 struct kobject *kobj, 2247 struct bin_attribute *attr, 2248 char *buf, loff_t off, 2249 size_t count) 2250 { 2251 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, true, buf, 2252 off, count); 2253 } 2254 2255 static BIN_ATTR_RO(ep11_aes_128, MAXEP11AESKEYBLOBSIZE); 2256 static BIN_ATTR_RO(ep11_aes_192, MAXEP11AESKEYBLOBSIZE); 2257 static BIN_ATTR_RO(ep11_aes_256, MAXEP11AESKEYBLOBSIZE); 2258 static BIN_ATTR_RO(ep11_aes_128_xts, 2 * MAXEP11AESKEYBLOBSIZE); 2259 static BIN_ATTR_RO(ep11_aes_256_xts, 2 * MAXEP11AESKEYBLOBSIZE); 2260 2261 static struct bin_attribute *ep11_attrs[] = { 2262 &bin_attr_ep11_aes_128, 2263 &bin_attr_ep11_aes_192, 2264 &bin_attr_ep11_aes_256, 2265 &bin_attr_ep11_aes_128_xts, 2266 &bin_attr_ep11_aes_256_xts, 2267 NULL 2268 }; 2269 2270 static struct attribute_group ep11_attr_group = { 2271 .name = "ep11", 2272 .bin_attrs = ep11_attrs, 2273 }; 2274 2275 static const struct attribute_group *pkey_attr_groups[] = { 2276 &protkey_attr_group, 2277 &ccadata_attr_group, 2278 &ccacipher_attr_group, 2279 &ep11_attr_group, 2280 NULL, 2281 }; 2282 2283 static const struct file_operations pkey_fops = { 2284 .owner = THIS_MODULE, 2285 .open = nonseekable_open, 2286 .llseek = no_llseek, 2287 .unlocked_ioctl = pkey_unlocked_ioctl, 2288 }; 2289 2290 static struct miscdevice pkey_dev = { 2291 .name = "pkey", 2292 .minor = MISC_DYNAMIC_MINOR, 2293 .mode = 0666, 2294 .fops = &pkey_fops, 2295 .groups = pkey_attr_groups, 2296 }; 2297 2298 /* 2299 * Module init 2300 */ 2301 static int __init pkey_init(void) 2302 { 2303 cpacf_mask_t func_mask; 2304 2305 /* 2306 * The pckmo instruction should be available - even if we don't 2307 * actually invoke it. This instruction comes with MSA 3 which 2308 * is also the minimum level for the kmc instructions which 2309 * are able to work with protected keys. 2310 */ 2311 if (!cpacf_query(CPACF_PCKMO, &func_mask)) 2312 return -ENODEV; 2313 2314 /* check for kmc instructions available */ 2315 if (!cpacf_query(CPACF_KMC, &func_mask)) 2316 return -ENODEV; 2317 if (!cpacf_test_func(&func_mask, CPACF_KMC_PAES_128) || 2318 !cpacf_test_func(&func_mask, CPACF_KMC_PAES_192) || 2319 !cpacf_test_func(&func_mask, CPACF_KMC_PAES_256)) 2320 return -ENODEV; 2321 2322 pkey_debug_init(); 2323 2324 return misc_register(&pkey_dev); 2325 } 2326 2327 /* 2328 * Module exit 2329 */ 2330 static void __exit pkey_exit(void) 2331 { 2332 misc_deregister(&pkey_dev); 2333 pkey_debug_exit(); 2334 } 2335 2336 module_cpu_feature_match(S390_CPU_FEATURE_MSA, pkey_init); 2337 module_exit(pkey_exit); 2338